New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems

February 29, 2024 at 11:27AM

Cybersecurity researchers have unveiled a new attack technique called Silver SAML, a variant of the Golden SAML attack that exploits SAML for unauthorized access to applications like Salesforce. While real-world attacks are rare, the method poses a moderate-severity threat, impacting organizations using identity providers like Microsoft Entra ID. Responsible disclosure …

Echoes of SolarWinds in New ‘Silver SAML’ Attack Technique

February 29, 2024 at 06:08AM

The SolarWinds attack involved the use of the “Golden SAML” technique to forge SAML response tokens and gain access to enterprise networks. Researchers at Semperis have now identified a new version called “Silver SAML,” which does not require access to ADFS and can work with Microsoft Entra ID and other identity …